feat: support verify signature

internal/server/controllers/plugins.go

@@ -42,6 +42,8 @@ func InstallPluginFromPkg(app *app.Config) gin.HandlerFunc {
 			return
 		}
 
+		verify_signature := c.PostForm("verify_signature") == "true"
+
 		dify_pkg_file, err := dify_pkg_file_header.Open()
 		if err != nil {
 			c.JSON(http.StatusOK, entities.NewErrorResponse(-500, err.Error()))
@@ -49,7 +51,7 @@ func InstallPluginFromPkg(app *app.Config) gin.HandlerFunc {
 		}
 		defer dify_pkg_file.Close()
 
-		service.InstallPluginFromPkg(app, c, tenant_id, dify_pkg_file)
+		service.InstallPluginFromPkg(app, c, tenant_id, dify_pkg_file, verify_signature)
 	}
 }
 

internal/service/install_plugin.go

@@ -19,7 +19,7 @@ import (
 	"github.com/langgenius/dify-plugin-daemon/internal/utils/stream"
 )
 
-func InstallPluginFromPkg(config *app.Config, c *gin.Context, tenant_id string, dify_pkg_file multipart.File) {
+func InstallPluginFromPkg(config *app.Config, c *gin.Context, tenant_id string, dify_pkg_file multipart.File, verify_signature bool) {
 	manager := plugin_manager.Manager()
 
 	plugin_file, err := io.ReadAll(dify_pkg_file)
@@ -34,11 +34,11 @@ func InstallPluginFromPkg(config *app.Config, c *gin.Context, tenant_id string,
 		return
 	}
 
-	if config.ForceVerifyingSignature {
+	if config.ForceVerifyingSignature || verify_signature {
 		err := verifier.VerifyPlugin(decoder)
 		if err != nil {
 			c.JSON(200, entities.NewErrorResponse(-500, errors.Join(err, errors.New(
-				"force verification has been enabled, and the plugin you want to install has a bad signature",
+				"plugin verification has been enabled, and the plugin you want to install has a bad signature",
 			)).Error()))
 			return
 		}